New XMRig Cryptojacking Malware Found by Trend Micro Is Attacking Devices Around the World

No matter how many opportunities there are in the cryptocurrency industry to honestly earn returns on an investment, hackers continue to work around these options and infect systems with malware. While the biggest malware that people used to worry about was Coinhive, the mining script has been shut down. However, that has not stopped a new malware program from attempting to take its place.

Trend Micro found malware that uses current vulnerabilities in web pages and other sources.

At-risk individuals can update their device’s software with the most current verified patches to be protected.

The cryptocurrency investors of the world are probably pretty happy to see the Coinhive crypto mining script offline, but that doesn’t mean that cryptojacking is over. In fact, recent research by Trend Micro indicates that there’s a new collection of malware that is going after users’ hardware, in an effort to mine cryptocurrency.

According to reports from The Next Web’s Hard Fork, Trend Micro states that the malware is deployed on many web servers and applies brute-force attacks. When a user’s hardware encounters the malware, it downloads the Monero cryptocurrency miner XMRig. The most active malware in May was BlackSquid, and the majority of its attacks appeared to be in Thailand and the United States. “BlackSquid” is the name that Trend Micro has given the malware family.

Right now, as far as Trend Micro can tell, there are eight exploits used by BlackSquid, including EternalBlue, DoublePulsar, three security flaws in servers (CVE-2014-6287, CVE-2017-12615, CVE-2017-8464), and three vulnerabilities in web applications (ThinkPHP). However, Hard Fork warns that these exploits are hardly the most worrisome details of the malware.

The BlackSquid family of malware also has a lot of hidden tactics, like anti-virtualization, anti-debugging, and anti-sandboxing. All of these checks happen before installation starts, which means that the malware will only install on the user’s hardware if it has determined that it will go undetected. Once one computer on the network is infected, the malware goes after connected systems to make the attack more widespread.

The attacks themselves come through webpages that are already infected, web servers that the malware has compromised, or infected removable hardware. If the malware goes undetected, it installs its own variant of XMRig, and it also looks for a video card to help with mining. Essentially, the attack goes after absolutely everything it can to improve the attacker’s likelihood of getting a return.

Even though there is a chance of major damage for an infected system, the malware is going after exploits and vulnerabilities that are already known. Protecting against the attack is relatively simple since the vulnerabilities have already been patched. Make sure that every network-connected system is running the most up-to-date version of its software, and that all of the current patches from verified sources have already been installed.

Researchers believe the malware to be still in the testing stage, and that there are multiple features that may still need to be trialed. That being said, this may not be the last time that BlackSquid arises in the industry as a worrisome malware.

Krystle is an American cryptocurrency blogger that wants to see the future of crypto and blockchain technology evolve. She has been writing about cryptocurrency for about a year, with a special interest in blockchain technology and regulatory measures around the world. While away from writing and learning about the changes in the cryptocurrency industry, she likes to indulge in science fiction novels and further her experience in playing both guitar and piano.
